|
1
|
- |
|
-
|
-
|
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c…
New
|
CWE-93
CRLF Injection
|
CVE-2026-46720
|
2026-05-18 03:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and th…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43500
|
2026-05-18 01:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFuncti…
New
|
CWE-20
CWE-917
Improper Input Validation
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-8759
|
2026-05-18 00:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lea…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-8758
|
2026-05-17 23:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perfor…
New
|
CWE-22
Path Traversal
|
CVE-2026-8757
|
2026-05-17 23:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the comp…
New
|
CWE-22
Path Traversal
|
CVE-2026-8756
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handl…
New
|
CWE-22
Path Traversal
|
CVE-2026-8755
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulatio…
New
|
CWE-22
Path Traversal
|
CVE-2026-8754
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-8753
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the…
New
|
CWE-89
SQL Injection
|
CVE-2018-25339
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
